--On 11 February 2004 16:30 -0500 Sean Donelan <sean@donelan.com> wrote:
And I applaud your effort. But does it really answer the question of who is responsible for handling abuse of the service? If ISP's are not responsible for abuse using port 573, they probably don't care.
I think you are missing the point. I have lots of people abusing my port 25. They can abuse this due to the nature of the (current unadorned) SMTP protocol as I have to leave it open and unauthenticated in order to receive mail to users served by my server. I can quite see why their DSL provider wants to block their connecting to my port 25, and (incidentally) other customers of theirs get caught in the collateral damage. On the other hand, I have noone even trying to abuse port 587 (sic) i.e. submission. Even if people tried, they'd find they needed authentication on that port (even to send to my local users). As I am doing nothing beyond a dumb RFC implementation, and assuming other mail hosts are no dumber, ISPs thus won't get abuse complaints for port 587 attacks in the same way they get port 25 complaints. Of course they'll get *some* port 587 complaints, just like they get some port 80 complaints. But blocking port 25 blocks access to a well known poorly authenticated service. Blocking port 587 doesn't (or rather wouldn't). If there were a whole pile of people accepting unauthenticated connections on port 587, life would be different. But there aren't & it isn't. Alex